meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 24 June 2025

⏱️ 5 minutes

🧾️ Download transcript

Summary


Scans for Ichano AtHome IP Cameras
A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software.
https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062
Critical Netscaler Security Update CVE-2025-5777
CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/
WinRar Vulnerability CVE-2025-6218
WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Tuesday, June 24th, 2025 edition of the Sands Internet Storm Centers

0:07.5

Stormcast. My name is Johannes Ulrich, and today's episode is brought to you by the Sands.edu

0:14.5

graduate certificate program in cybersecurity leadership, and it is recorded in Stockholm, Germany.

0:22.8

Now, today I noticed that some Telnet Zieg scanners did use a little bit an odd username,

0:30.2

super underscore YG.

0:32.2

This started on the 18th, so a couple of days ago and has been used persistently since then by about

0:39.6

a dozen different IP addresses that in addition to this username, they also scanned for

0:46.4

some fairly common usernames like Rood, Guest, and other sort of common default username

0:53.9

and password combinations. So this one

0:56.5

stuck out a little bit. Turns out it's associated with an older vulnerability from 2017 in

1:05.1

software that is called IP cameras and made by a company that I believe is pronounced I channel.

1:13.8

Now, the issue here is that even though this particular vulnerability was discovered and reported in 2017,

1:21.3

there is no real evidence that this default username and password has ever been removed from this particular product.

1:30.6

This is an IP camera product, but not your usual sort of standalone IP camera.

1:36.4

It's actually software that can be used to turn smartphones, tablets, laptops and such,

1:42.7

into IP cameras for surveillance, for security cameras.

1:48.9

And with that, of course, a lot of the functionality and with that common vulnerabilities

1:53.6

that we often find in these type of cameras are being exposed.

1:59.9

And then if you are running Citrix's

2:02.8

NetScaler appliances, well,

2:05.6

it's update time for you last week.

2:09.5

Citrix did release a critical update.

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.